×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Kabobgub
Explorer
Member since: ‎03-18-2015
‎06-05-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎03-18-2015
Activity Feed
Topics I've Started
View All

Re: Parsing XML data from fields

by in Splunk Search
‎04-09-2015 08:46 AM
‎04-09-2015 08:46 AM
Problem is that this is part of very wide system and this search generated too much data for the current visualization. I will really appreciate if you will tell me, how can I customize this search or what commands I need to use for my goals. For example if I need to see values of MISCONF_RISK.HIGH only or values of MISCONF_ALL fields or values exept MISCONF_STATUS.SUCCESS. I've tried some ways to do it but is too complicated for me. ... View more

Re: Parsing XML data from fields

by in Splunk Search
‎04-08-2015 05:05 AM
‎04-08-2015 05:05 AM
The reason it is not suitable, that I have some junk fields in this case. All I need is to connect this two fields and have some visualisation of them. Thanks for your solution, but It differs a little from what I need. I will apreciate if you will give me some advice for my case ... View more

Re: Parsing XML data from fields

by in Splunk Search
‎04-07-2015 09:22 AM
‎04-07-2015 09:22 AM
Thanks. It should work, but in this case I have a table with ALL my fields displayed. Could you tell me how can I use only this two fields? ... View more

Re: Parsing XML data from fields

by in Splunk Search
‎04-07-2015 09:04 AM
‎04-07-2015 09:04 AM
It seems to be right, but not working. ... View more

Re: Parsing XML data from fields

by in Splunk Search
‎04-07-2015 08:39 AM
‎04-07-2015 08:39 AM
Almost. Actually it is situated between <group > <service> "this part" </service> </group > The rest is right. ... View more

Parsing XML data from fields

by in Splunk Search
‎04-07-2015 07:21 AM
1 Karma
‎04-07-2015 07:21 AM
1 Karma
Hello, after researching a lot of information I still can not recorgnise how to solve this problem. I have an xml file added to splunk, and I've extracted fields through KV_MODE = xml. <result name="MISCONF_STATUS.SUCCESS"><![CDATA[154]]></result> <result name="MISCONF_RISK.HIGH"><![CDATA[39]]></result> <result name="MISCONF_ALL"><![CDATA[606]]></result> So I have two fields here: result{@name} and result. the second is CDATA value. But the problem is they are not connected between eachother. how to define that MISCONF_STATUS.SUCCESS = 154? And so on. I tried to make a chart using this two fields, but it is not working at all. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All